Saved in:
Bibliographic Details
Main Author: Gamage, Yeran
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.20911
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915950603796480
author Gamage, Yeran
author_facet Gamage, Yeran
contents LLM agents deployed in production operate under operator-defined behavioral policies (system-prompt instructions such as prohibitions on credential disclosure, data exfiltration, and unauthorized output) that safety evaluations assume hold throughout a conversation. Prohibition-type constraints decay under context pressure while requirement-type constraints persist; we term this asymmetry Security-Recall Divergence (SRD). In a 4,416-trial three-arm causal study across 12 models and 8 providers at six conversation depths, omission compliance falls from 73% at turn 5 to 33% at turn 16 while commission compliance holds at 100% (Mistral Large 3, $p < 10^{-33}$). In the two models with token-matched padding controls, schema semantic content accounts for 62-100% of the dilution effect. Re-injecting constraints before the per-model Safe Turn Depth (STD) restores compliance without retraining. Production security policies consist of prohibitions such as never revealing credentials, never executing untrusted code, and never forwarding user data. Commission-type audit signals remain healthy while omission constraints have already failed, leaving the failure invisible to standard monitoring.
format Preprint
id arxiv_https___arxiv_org_abs_2604_20911
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Omission Constraints Decay While Commission Constraints Persist in Long-Context LLM Agents
Gamage, Yeran
Cryptography and Security
Artificial Intelligence
LLM agents deployed in production operate under operator-defined behavioral policies (system-prompt instructions such as prohibitions on credential disclosure, data exfiltration, and unauthorized output) that safety evaluations assume hold throughout a conversation. Prohibition-type constraints decay under context pressure while requirement-type constraints persist; we term this asymmetry Security-Recall Divergence (SRD). In a 4,416-trial three-arm causal study across 12 models and 8 providers at six conversation depths, omission compliance falls from 73% at turn 5 to 33% at turn 16 while commission compliance holds at 100% (Mistral Large 3, $p < 10^{-33}$). In the two models with token-matched padding controls, schema semantic content accounts for 62-100% of the dilution effect. Re-injecting constraints before the per-model Safe Turn Depth (STD) restores compliance without retraining. Production security policies consist of prohibitions such as never revealing credentials, never executing untrusted code, and never forwarding user data. Commission-type audit signals remain healthy while omission constraints have already failed, leaving the failure invisible to standard monitoring.
title Omission Constraints Decay While Commission Constraints Persist in Long-Context LLM Agents
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2604.20911